Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-18 | CVE-2013-5197 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
| 2013-12-18 | CVE-2013-5196 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
| 2013-11-18 | CVE-2013-5193 | Credentials Management vulnerability in Apple Iphone OS The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | 4.7 |
| 2013-09-28 | CVE-2013-5161 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | 4.4 |
| 2013-09-19 | CVE-2013-5159 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | 4.3 |
| 2013-09-19 | CVE-2013-5157 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | 5.0 |
| 2013-09-19 | CVE-2013-5156 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | 4.3 |
| 2013-09-19 | CVE-2013-5154 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | 4.3 |
| 2013-09-19 | CVE-2013-5152 | Improper Input Validation vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | 4.3 |
| 2013-09-19 | CVE-2013-5151 | Cross-Site Scripting vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | 4.3 |